SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libcryptopp8_9_0-8.9.0-lp154.3.1.x86_64.rpm :

* Thu Jan 04 2024 pgajdosAATTsuse.com- security update- added patches fix CVE-2023-50981 [bsc#1218222], issue on ModularSquareRoot function leads to potential DoS https://github.com/weidai11/cryptopp/pull/1255 + libcryptopp-CVE-2023-50981.patch
* Thu Dec 21 2023 pgajdosAATTsuse.com- version update to 8.9.0
* Crypto++ 8.9 was released on October 1, 2023. The 8.9 release was a minor, unplanned release. There were no CVEs and one memory error.
* The 8.9 release was driven by the fix for `ProcessData`, and the failures when `inString==outString`. Also see GH #1231, Rabbit Produces null Keystream When inString == outString.
* Release notes
* ===========
* minor release, recompile of programs required
* expanded community input and support
* 88 unique contributors as of this release
* add additional tests to datatest.cpp
* fix SIMON128 Asan finding on POWER8
* fix AES/CFB and AES/CTR modes self test failures when using Cryptogams AES on ARMv7
* fix ARIA/CTR mode self test failures when inString==outString
* fix HIGHT/CTR mode self test failures when inString==outString
* fix Rabbit/CTR mode self test failures when inString==outString
* fix HC128/CTR and HC256/CTR mode self test failures when inString==outString
* fix Prime Table and dangling reference to a temporary
* fix Singleton::Ref() when using C++11 memory fences
* remove unneeded call to Crop() in Randomize()- modified patches % libcryptopp-shared.patch (refreshed)- modified sources % baselibs.conf- added patches fix CVE-2023-50980 [bsc#1218219], DoS via malformed DER public key file + libcryptopp-CVE-2023-50980.patch
* Sun Jul 16 2023 Dirk Müller - update to 8.8.0:
* minor release, recompile of programs required
* expanded community input and support
* 88 unique contributors as of this release
* fix crash in cryptest.exe when invoked with no options
* fix crash in library due to GCC removing live code
* fix RSA with key size 16 may provide an invalid key
* fix failure to build on 32-bit x86
* fix failure to build on iPhone Simulator for arm64
* fix failure to build on Windows arm64
* test for SSSE3 before using the ISA
* fix include of when using MSVC
* improve performance of CRC32C_Update_SSE42 for x86-64
* update documentation
* Wed Aug 10 2022 Bernhard Wiedemann - Enable SSE2 to fix i586 build
* Tue Aug 09 2022 Bernhard Wiedemann - Update to 8.7.0- https://cryptopp.com/release870.html
* fix RSA key generation for small moduli (GH #1136)
* fix AES-GCM with AESNI but without CLMUL (GH #1132)
* rework CFB_CipherTemplate::ProcessData and AdditiveCipherTemplate::ProcessData (GH #1088, GH #1103) + restored performance and avoided performance penalty of a temp buffer
* fix undersized SecBlock buffer in Integer bit operations (GH #1072)
* work around several GCC 11 & 12 problems
* Sat Sep 25 2021 Dave Plater - Update to 8.6.0-upstream changes:
* This release clears CVE-2021-40530 and fixes a problem with ChaCha20 AVX2 implementation.
* The CVE was due to ElGamal encryption using a work estimate to size encryption exponents instead subgroup order.
* The ChaCha20 issue was due to mishandling a carry in the AVX2 code path. The ChaCha20 issue was difficult to duplicate, so most users should not experience it.
* Wed Mar 17 2021 Dirk Müller - update to 8.5.0:
* minor release, no recompile of programs required
* expanded community input and support
* 70 unique contributors as of this release
* port to Apple M1 hardware
* Sat Jan 02 2021 Dave Plater - Update to version 8.4.0 and remove obsolete patches: 0001-Fix-TCXXFLAGS-using-openSUSE-standard-flags-GH-865.patch, 0001-Fix-missing-if-statement.patch and cve-2019-14318.patch- Upstream changes:
* fix use of macro CRYPTOPP_ALIGN_DATA
* fix potential out-of-bounds read in ECDSA
* fix std::bad_alloc when using ByteQueue in pipeline
* fix missing CRYPTOPP_CXX17_EXCEPTIONS with Clang
* fix potential out-of-bounds read in GCM mode
* add configure.sh when preprocessor macros fail
* fix potential out-of-bounds read in SipHash
* fix compile error on POWER9 due to vec_xl_be
* fix K233 curve on POWER8
* add Cirrus CI testing
* fix broken encryption for some 64-bit ciphers
* disable RDRAND and RDSEED for some AMD processors
* fix BLAKE2 hash calculation using Salt and Personalization
* add XTS mode
* fix circular dependency between misc.h and secblock.h
* add Certificate interface
* fix recursion in AES::Encryption without AESNI
* add missing OID for ElGamal encryption
* fix missing override in KeyDerivationFunction-derived classes
* fix RDSEED assemble under MSVC
* fix elliptic curve timing leaks (CVE-2019-14318)
* add link-library variable to Makefiles
* fix SIZE_MAX definition in misc.h
* add GetWord64 and PutWord64 to BufferedTransformation
* use HKDF in AutoSeededX917RNG::Reseed
* fix Asan finding in VMAC on i686 in inline asm
* fix undeclared identifier _mm_roti_epi64 on Gentoo
* fix ECIES and GetSymmetricKeyLength
* fix possible divide by zero in PKCS5_PBKDF2_HMAC
* refine ASN.1 encoders and decoders
* disable BMI2 code paths in Integer class
* fix use of CRYPTOPP_CLANG_VERSION
* add NEON SHA1, SHA256 and SHA512 from Cryptogams
* add ARM SHA1, SHA256 and SHA512 from Cryptogams
* fix reference binding to misaligned address in xed25519
* clear asserts in TestDataNameValuePairs
* fix SIGILL on POWER8 when compiling with GCC 10
* fix potential out-of-bounds write in FixedSizeAllocatorWithCleanup
* revert changes for constant-time elliptic curve algorithms
* Thu Jul 02 2020 Tomáš Chvátal - Simplify the baselibs creation- Do not BR unzip as the tarball is tar.gz- Generate the pc file with cat not bunch of echos
* Sun Aug 11 2019 Dave Plater - Added cve-2019-14318.patch which fixes (1)leak in ECDSA nonce length; and (2) leak in prime fields (ECP class).- See boo#1145187- Disabled LTO for i586 to fix build failure.
* Sat Jul 20 2019 Dave Plater - Update to major version 8.2.0- Filter out -flto= flag for arm7 see cryptopp issue#865- Remove 0001-disable_os_rng_test.patch which is no longer needed.- Rebase libcryptopp-shared.patch- Added patchs from git which is indicated in cryptopp issue#865: 0001-Fix-TCXXFLAGS-using-openSUSE-standard-flags-GH-865.patch and 0001-Fix-missing-if-statement.patch. Upstream changes since 7.0.0:
* use PowerPC unaligned loads and stores with Power8
* add SKIPJACK test vectors
* fix SHAKE-128 and SHAKE-256 compile
* removed IS_NEON from Makefile
* fix Aarch64 build on Fedora 29
* fix missing GF2NT_233_Multiply_Reduce_CLMUL in FIPS DLL
* add missing BLAKE2 constructors
* fix missing BlockSize() in BLAKE2 classes
* add CRYPTOPP_BUGGY_SIMD_LOAD_AND_STORE
* add carryless multiplies for NIST b233 and k233 curves
* fix OpenMP build due to use of OpenMP 4 with down-level compilers
* add SignStream and VerifyStream for ed25519 and large files
* fix missing AlgorithmProvider in PanamaHash
* add SHAKE-128 and SHAKE-256
* fix AVX2 build due to _mm256_broadcastsi128_si256
* add IETF ChaCha, XChaCha, ChaChaPoly1305 and XChaChaPoly1305
* add x25519 key exchange and ed25519 signature scheme
* add limited Asymmetric Key Package support from RFC 5958
* add Power9 DARN random number generator support
* add CHAM, HC-128, HC-256, Hight, LEA, Rabbit, Simeck
* fix FixedSizeAllocatorWithCleanup may be unaligned on some platforms
* cutover to GNU Make-based cpu feature tests
* rename files with dashes to underscores
* fix LegacyDecryptor and LegacyDecryptorWithMAC use wrong MAC
* avoid Singleton when possible, avoid std::call_once completely
* fix SPARC alignment problems due to GetAlignmentOf() on word64
* add ARM AES asm implementation from Cryptogams
* remove CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS support
* Sat Nov 17 2018 Adam Mizerski - update to v7.0.0
* changelog available at https://cryptopp.com/release700.html and in packaged Readme.txt- Refreshed patches
* 0001-disable_os_rng_test.patch
* libcryptopp-shared.patch- Dropped patch reproducible.patch - merged upstream
* Sat May 20 2017 bwiedemannAATTsuse.com- Add reproducible.patch to sort input files to make build fully reproducible
* Fri Mar 03 2017 davejplaterAATTgmail.com- Added patch field to soname due to library not following proper API/ABI versioning to fix boo#1027192.- Removed crypto.pc and generate it in the spec file to ensure proper version and directories.- Changed libcryptopp-shared.patch.- Renamed library package and obsoleted old name.- added precheckin_baselibs.sh and updated baselibs.conf
* Thu Feb 23 2017 adamAATTmizerski.pl- update to 5.6.5
* Rebase libcryptopp-shared.patch
* Rebase 0001-disable_os_rng_test.patch- enable openmp usage
* Thu Feb 02 2017 jengelhAATTinai.de- Add obsoletes tag for dropped static lib
* Sat Jan 28 2017 jengelhAATTinai.de- Remove libcryptoo-devel-static, this seems unused in Factory.
* Sat Jan 28 2017 jengelhAATTinai.de- Update descriptions
* Mon Sep 12 2016 bwiedemannAATTsuse.com- Update to 5.6.4
* Use proper openSUSE-style library naming
* Drop upstream libcryptopp-s390.patch
* Drop upstream libcryptopp-m68k.patch
* Drop upstream libcryptopp-CVE-2015-2141.patch
* Drop upstream cryptopp-gcc6.patch
* Rebase libcryptopp-shared.patch
* Rebase 0001-disable_os_rng_test.patch
* Mon Jun 20 2016 iAATTmarguerite.su- add patch cryptopp-gcc6.patch
* fix boo#985143
* fix narrowing conversion from unsigned int to int inside {}
* Wed Jul 08 2015 bwiedemannAATTsuse.com- prevent timing attack to get secret key (bnc#936435, CVE-2015-2141) add libcryptopp-CVE-2015-2141.patch
  
ICM